CVE-2024-52021

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') (CWE-78)

Published: Nov 5, 2024 / Updated: 14d ago

CVSS: 8 (High) / EPSS: 0.04%

Netgear R8500 v1.0.2.160 was discovered to contain a command injection vulnerability in the wan_gateway parameter at bsw_fix.cgi. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request.

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Timeline

CVE Assignment

NVD published the first details for CVE-2024-52021

Nov 5, 2024 at 3:15 PM

First Article

Feedly found the first article mentioning CVE-2024-52021.

Nov 5, 2024 at 3:21 PM / VulDB Recent Entries

CVSS Estimate

Feedly estimated the CVSS score as HIGH

Nov 5, 2024 at 3:21 PM

CVSS

A CVSS base score of 8 has been assigned.

Nov 5, 2024 at 4:40 PM / nvd

EPSS

EPSS Score was set to: 0.04% (Percentile: 10.7%)

Nov 6, 2024 at 10:26 AM

Affected Systems

Netgear/r8500

Attack Patterns

CAPEC-108: Command Line Execution through SQL Injection

CVSS V3.1

Attack Vector: Adjacent network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability Impact: High
